"The remote certificate is invalid according to the validation procedure" Error while running AD sync

Hi,

I am getting the following error upon running initial sync from an AD system.

[2134003] Error running synchronization.
[System.Reflection.TargetInvocationException] Exception has been thrown by the target of an invocation.
[System.Net.WebException] The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
[System.Security.Authentication.AuthenticationException] The remote certificate is invalid according to the validation procedure.
at StdioProcessor.StdioProcessor._Execute(Job job)
at VI.Projector.JobComponent.ProjectorComponent.Activate(String task)
at VI.Projector.JobComponent.ProjectorComponent._FullProjection()

The AD connection is established correctly in Sync Editor and I am able to browse the AD from Sync Editor, and the simulation also runs successfully. Only upon actual execution are we getting this error, and the sync job is getting frozen.

Sync to same AD is working in lower environment without issues. Please suggest.

Thanks,

Saba

  • All of the tests that pass are coming from the synchronization editor, the one that is failing is the job server. Was a certificate recently changed or was TLS level changed from 1.0 to 1.1 or 1.2?

  • Hi Troy, Thanks for the reply!

    There was no change in the certificate and the TLS level is also the same.

    The only scenario change here is that, instead of Nonprod, we are connecting to the same AD from the Prod env.

    We have got the references of the sync projects migrated to Prod as part of system configuration migration, but we created new AD sync projects from the Prod env and did not use those migrated from Nonprod.

    I am doubtful if any reference to previous AD connections is playing a role here. Please suggest.

    Thanks,

    Saba

  • Saba,

    you say that you are connecting to the AD from PROD environment instead of NONPROD environment.

    This could be a trust issue. Your PROD jobserver may not trust the domain controller's certificate. This can be for the following reasons:

    - The jobserver does not trust the certificate authority that has issued the domain controller's certificate.

    --> To fix this, add the CA to the trusted root CAs on the jobserver.

    - In the sync project, you are using a DC name or IP address that is not mentioned in the certificate's subject alternative name.

    --> To fix this, in the sync project's config, use the DC FQDN as stated in the DC's certificate.

    Hope this helps,

    Sebastian
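
The two causes listed in the reply above can be told apart from the job server itself. The following PowerShell sketch is an added example, not part of the original thread or of the product: it opens a TLS connection to the domain controller and reports whether Windows rejects the certificate because of the chain (untrusted CA) or because of the name (SAN mismatch). The host name is a placeholder and port 636 (LDAPS) is an assumption; use the server name exactly as entered in the sync project and run it under the job server's service account.

```powershell
param(
    [string]$DcName = 'dc01.example.com',  # placeholder: name exactly as configured in the sync project
    [int]$Port = 636                       # assumption: LDAPS
)

$script:result = @{}

# Record what Windows' own validation decided. Returning $true only lets the
# handshake finish so the certificate can be inspected; no data is sent.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $script:result.Errors = $sslPolicyErrors
    $script:result.Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
    $script:result.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })
    return $true
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($DcName, $Port)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($DcName)   # validates against the name we connected with
    $ssl.Dispose()
}
finally {
    $client.Close()
}

# Subject alternative name extension (OID 2.5.29.17), if the certificate has one.
$san = $script:result.Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

"Subject : $($script:result.Cert.Subject)"
"Issuer  : $($script:result.Cert.Issuer)"
"SAN     : $(if ($san) { $san.Format($false) } else { '(none)' })"
"Errors  : $($script:result.Errors)"

$chainFlag = [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors
$nameFlag  = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch

if ($script:result.Errors -band $chainFlag) {
    # UntrustedRoot or PartialChain here points at a missing CA certificate.
    "Chain is not trusted on this machine: $($script:result.ChainStatus -join ', ')"
}
if ($script:result.Errors -band $nameFlag) {
    "'$DcName' is not covered by the certificate's subject or SAN entries."
}
```

An `Errors` value of `None` means this machine and account already trust the certificate for that name, so the job server would then be reaching a different endpoint or running under a different account than the one tested.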